From 6250d2c3f8077f1b7b6707bc1ee31061ae53922f Mon Sep 17 00:00:00 2001
From: Tim Wilkinson
Date: Wed, 6 Dec 2023 11:53:35 -0800
Subject: [PATCH] Add missing mss clamping to tunnels (#980)

* Add missing mss clamping for tunnels
* Change to add from insert on firewall
---
 files/etc/local/mesh-firewall/01-tunnels | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/files/etc/local/mesh-firewall/01-tunnels b/files/etc/local/mesh-firewall/01-tunnels
index ff4e9949..b159a37d 100755
--- a/files/etc/local/mesh-firewall/01-tunnels
+++ b/files/etc/local/mesh-firewall/01-tunnels
@@ -104,3 +104,7 @@ nft add rule ip fw4 reject_to_vpn oifname "wg*" reject
 nft insert rule ip fw4 forward_dtdlink jump accept_to_vpn
 nft insert rule ip fw4 forward_wifi jump accept_to_vpn
 nft insert rule ip fw4 forward_lan jump accept_to_vpn
+nft add rule ip fw4 mangle_forward iifname "tun*" tcp flags syn tcp option maxseg size set rt mtu
+nft add rule ip fw4 mangle_forward oifname "tun*" tcp flags syn tcp option maxseg size set rt mtu
+nft add rule ip fw4 mangle_forward iifname "wg*" tcp flags syn tcp option maxseg size set rt mtu
+nft add rule ip fw4 mangle_forward oifname "wg*" tcp flags syn tcp option maxseg size set rt mtu
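Review bot: The four added `mangle_forward` rules carry no comment explaining their purpose or what they depend on, and they follow a run of accept/reject verdict rules, so a later reader could mistake them for access control. I would put `# Clamp TCP MSS on SYNs crossing tun*/wg* to the route MTU; relies on the tunnel interface MTU being set correctly` directly above them. The clamp only covers TCP, so other traffic over the tunnels still depends on path-MTU discovery and on ICMP fragmentation-needed not being dropped elsewhere in the ruleset, which this hunk does not show. The new rules use `add` while the three context lines use `insert`, so they are evaluated after anything already in `mangle_forward`; the commit message suggests this is deliberate, and the comment should say so. The `"tun*"` and `"wg*"` patterns match any interface with that name prefix, as the existing `reject_to_vpn` rule in the hunk header also does.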